BoresXP · September 7, 2018 17:43 · BoresXP · Sep 7, 2018
diff --git a/sign.sh b/sign.sh
 #!/bin/bash
 if [ $# -eq 0 ]; then
    echo "Script that generates keys for domain."
 fi
 if [ $# -lt 1 -o $# -gt 2 ]; then
    echo "Illegan number of arguments!"
    echo "Usage:"
    echo "  $0 <domain> [mode]"
    echo "Where:"
    echo "  domain - domain name."
    echo "  mode - 0 = resign zone (default), 1 = generate keys and sign zone, 2 = generate ZSK and sign zone."
    exit
 fi

 confirm() {
    # call with a prompt string or use a default
    read -r -p "${1:-Are you sure? [y/N]} " response
    if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
        true
    else
        false
    fi
 }

 MODE=$2
 [ -z $MODE ] && MODE=0

 REMODE="^[012]$"
 if [[ ! "$MODE" =~ $REMODE ]]; then
    echo "Invalid mode!"
    exit
 fi

 KEYS=$(find . -name "K$1.+007+*.key" | sed "s/.*\(K.\+\)\.key/\1/")
 if [ $MODE -ne 1 -a -z "$KEYS" ]; then
    confirm "No keys found. Create new? [y/N]" && MODE=1
 fi

 # Signing algorithm. Use 6 or 7 here because we calling signzone with -n option.
 ALGO="RSASHA1-NSEC3-SHA1"

 # Random source. Change to /dev/urandom to speed up the process.
 RNDEV="/dev/random"

 if [ $MODE -eq 1 -o $MODE -eq 2 ]; then
    echo "Generating ZSK"
    /usr/bin/ldns-keygen -a $ALGO -b 1024 -r $RNDEV "$1"
 fi

 if [ $MODE -eq 1 ]; then
    echo "Generating KSK"
    /usr/bin/ldns-keygen -a $ALGO -k -b 2048 -r $RNDEV "$1"
 fi

 KEYS=$(find . -name "K$1.+007+*.key" | sed "s/.*\(K.\+\)\.key/\1/")

 echo "Generating salt"
 SALT=$(head -c 447 $RNDEV | shasum | cut -b 1-16)

 echo "Signing zone '$1'"
 echo "Keys found: $KEYS"

 # Change path to ldns-signzone wrapper.
 /root/ldns-signzone.sh -e 20181231 -n -s $SALT -p $1 $KEYS
	#!/bin/bash
	if [ $# -eq 0 ]; then
	echo "Script that generates keys for domain."
	fi
	if [ $# -lt 1 -o $# -gt 2 ]; then
	echo "Illegan number of arguments!"
	echo "Usage:"
	echo " $0 <domain> [mode]"
	echo "Where:"
	echo " domain - domain name."
	echo " mode - 0 = resign zone (default), 1 = generate keys and sign zone, 2 = generate ZSK and sign zone."
	exit
	fi

	confirm() {
	# call with a prompt string or use a default
	read -r -p "${1:-Are you sure? [y/N]} " response
	if [[ "$response" =~ ^([yY][eE][sS]\|[yY])+$ ]]; then
	true
	else
	false
	fi
	}

	MODE=$2
	[ -z $MODE ] && MODE=0

	REMODE="^[012]$"
	if [[ ! "$MODE" =~ $REMODE ]]; then
	echo "Invalid mode!"
	exit
	fi

	KEYS=$(find . -name "K$1.+007+.key" \| sed "s/.\(K.\+\)\.key/\1/")
	if [ $MODE -ne 1 -a -z "$KEYS" ]; then
	confirm "No keys found. Create new? [y/N]" && MODE=1
	fi

	# Signing algorithm. Use 6 or 7 here because we calling signzone with -n option.
	ALGO="RSASHA1-NSEC3-SHA1"

	# Random source. Change to /dev/urandom to speed up the process.
	RNDEV="/dev/random"

	if [ $MODE -eq 1 -o $MODE -eq 2 ]; then
	echo "Generating ZSK"
	/usr/bin/ldns-keygen -a $ALGO -b 1024 -r $RNDEV "$1"
	fi

	if [ $MODE -eq 1 ]; then
	echo "Generating KSK"
	/usr/bin/ldns-keygen -a $ALGO -k -b 2048 -r $RNDEV "$1"
	fi

	KEYS=$(find . -name "K$1.+007+.key" \| sed "s/.\(K.\+\)\.key/\1/")

	echo "Generating salt"
	SALT=$(head -c 447 $RNDEV \| shasum \| cut -b 1-16)

	echo "Signing zone '$1'"
	echo "Keys found: $KEYS"

	# Change path to ldns-signzone wrapper.
	/root/ldns-signzone.sh -e 20181231 -n -s $SALT -p $1 $KEYS